[FFmpeg-trac] #7484(avcodec:new): av_packet_ref(): Allocates array on zero src size
FFmpeg
trac at avcodec.org
Thu Jan 3 00:40:10 EET 2019
#7484: av_packet_ref(): Allocates array on zero src size
------------------------------------+-----------------------------------
Reporter: zerodefect | Owner:
Type: defect | Status: new
Priority: normal | Component: avcodec
Version: | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+-----------------------------------
Comment (by zerodefect):
I took a stab at this over the end-of-year break. I think the best way to
solve this is to disable allocation of an AVPacket with size of 0:
{{{
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index e160ad3033..df4cafc6da 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -71,7 +71,7 @@ void av_packet_free(AVPacket **pkt)
static int packet_alloc(AVBufferRef **buf, int size)
{
int ret;
- if (size < 0 || size >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
+ if (size <= 0 || size >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
return AVERROR(EINVAL);
ret = av_buffer_realloc(buf, size + AV_INPUT_BUFFER_PADDING_SIZE);
}}}
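Review bot: the new `size <= 0` test in packet_alloc() turns a zero-size request into AVERROR(EINVAL) for every caller of this static helper, not only for av_packet_ref(), the function the ticket title names. Any path that legitimately passes an empty packet will now fail instead of just skipping the allocation. Consider keeping the `size < 0` range check here and handling the zero-size case at the av_packet_ref() call site, and add a comment stating whether size 0 is meant to be an error or a no-op. The acodec-flac FATE failure reported below is worth checking against this: see whether that test reaches packet_alloc() with size 0.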
I applied the above patch to latest.
As per the development guidelines, I tried out the fate suite of tests,
but I notice that the `acodec-flac` test fails, which could be bad. I tried
to follow the make file, but I struggled to quite understand how fate
works in order to debug.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7484#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker